CyberAlerts

CVE-2025-29008

WordPress SocialMark <= 2.0.7 - Server Side Request Forgery (SSRF) Vulnerability

Description: Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through 2.0.7.

CVSS: MEDIUM (4.9)

Source: CVE

June 6th, 2025 (1 day ago)

CVE-2025-29006

WordPress Direct Checkout for WooCommerce Lite <= 1.0.3 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Direct Checkout for WooCommerce Lite: from n/a through 1.0.3.

CVSS: MEDIUM (5.3)

Source: CVE

June 6th, 2025 (1 day ago)

CVE-2025-29005

WordPress HR Management Lite <= 3.3 - Cross Site Request Forgery (CSRF) Vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Management Lite allows Cross Site Request Forgery. This issue affects HR Management Lite: from n/a through 3.3.

CVSS: MEDIUM (4.3)

Source: CVE

June 6th, 2025 (1 day ago)

CVE-2025-29003

WordPress The Holiday Calendar <= 1.18.2.1 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mva7 The Holiday Calendar allows Stored XSS. This issue affects The Holiday Calendar: from n/a through 1.18.2.1.

CVSS: MEDIUM (6.5)

Source: CVE

June 6th, 2025 (1 day ago)

CVE-2025-28997

WordPress WP AutoKeyword <= 1.0 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0.

CVSS: MEDIUM (5.3)

Source: CVE

June 6th, 2025 (1 day ago)

CVE-2025-28996

WordPress GPP Slideshow <= 1.3.5 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5.

CVSS: MEDIUM (4.3)

Source: CVE

June 6th, 2025 (1 day ago)

CVE-2025-28995

WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.

CVSS: MEDIUM (5.3)

Source: CVE

June 6th, 2025 (1 day ago)

CVE-2025-28994

WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.

CVSS: MEDIUM (4.3)

Source: CVE

June 6th, 2025 (1 day ago)

CVE-2025-28989

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login allows Stored XSS. This issue affects Read More Login: from n/a through 2.0.3.

CVSS: MEDIUM (5.9)

Source: CVE

June 6th, 2025 (1 day ago)

CVE-2025-28986

WordPress Epicwin Plugin plugin <= 1.5 - CSRF to SQL Injection vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin allows SQL Injection. This issue affects Epicwin Plugin: from n/a through 1.5.

CVSS: HIGH (8.2)

Source: CVE

June 6th, 2025 (1 day ago)

Threat and Vulnerability Intelligence Database

Example Searches: